AMENDMENTS TO THE CLAIMS 

Please amend the claims as follows: 

1 . (Currently amended) A method for associating computer network identifications 
with network policies, said method comprising the steps of: 

analyzing a network interface associated with a client computer using a 

plurality of network detectors, the detectors outputting a set of a plurality 
of netspecs, each netspec comprising a first token identifying a detector 
used for the analysis and a second token identifying the analyzed network 
interface; 

sorting the set of netspecs in a priority order based at least in part on the 
reliability of the detectors that output the netspecs , wherein detectors 
considered more reliable in observing network interfaces than other 
detectors are awarded priority in the sorting ; 

associating the network identifications made by the set of netspecs with 

locations based at least in part on the priority order of the set of netspecs; 
and 

feeding associated network identification/location pairs to a network interface 
module to implement desired network policies. 

2. (Original) The method of claim 1 wherein the network interface module is a 
module from the group of modules consisting of a firewall, a router, a sniffer, an intrusion 
detection module, a behavior blocking module, and a network communications module. 

3. (Original) The method of claim 1 wherein the network interface module is a 
firewall, and a user of the client computer adjusts firewall settings to set network policies 
based upon location. 

4. (Canceled) 

5. (Canceled) 

6. (Previously Presented) The method of claim 1 wherein the priority order is set by 
a user of the client computer. 
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7. (Previously Presented) The method of claim 1 wherein the step of associating the 
network identifications with locations comprises using a network probe to look up locations 
in a netspec database. 

8. (Original) The method of claim 7 wherein a user of the client computer modifies 
the netspec database via a location setting module. 

9. (Previously Presented) The method of claim 1 wherein the step of feeding the 
associated network identification/location pairs to a network interface module comprises 
using a policy guide to feed the network identification/location pairs to the network interface 
module on a real-time basis. 

10. (Currently amended) Apparatus An apparatus for associating computer network 
identifications with network policies, said apparatus comprising: 

a computer- readable storage medium storing executable software means comprising: 
means for analyzing a network interface associated with a client computer 
using a plurality of network detectors, the detectors outputting a set of a_ 
plurality of netspecs, each netspec comprising a first token identifying a 
detector used for the analysis and a second token identifying the analyzed 
network interface; 

coupled to the analyzing means, means for sorting the set of netspecs in a 
priority order based at least in part on the reliability of the detectors that 
output the netspecs , wherein detectors considered more reliable in 
observing network interfaces than other detectors are awarded priority in 
the sorting ; 

coupled to the sorting means, means for associating the network 

identifications made by the set of netspecs with locations based at least in 
part on the priority order of the set of netspecs; and 

coupled to the associating means, means for feeding associated network 
identification/location pairs to a network interface module to implement 
desired network policies ; and 
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a processor configured to execute the software means stored by the computer- 
readable storage medium . 

1 1 . (Original) The apparatus of claim 10 wherein the network interface module is a 
module from the group of modules consisting of a firewall, a router, a sniffer, an intrusion 
detection module, a behavior blocking module, and a network communications module. 

12. (Original) The apparatus of claim 10 wherein the network interface module is a 
firewall, and the network policies are implemented on a packet-by-packet basis. 

13. (Original) The apparatus of claim 12 wherein locations are correlated with 
firewall settings on a distributed basis within the firewall. 

14. (Canceled) 

15. (Canceled) 

16. (Previously Presented) The apparatus of claim 10 wherein the associating means 
further comprises: 

a netspec database associating the netspecs with the locations. 

17. (Previously Presented) The apparatus of claim 16 further comprising, coupled to 
the netspec database, a location setting module adapted to enable a user of the client 
computer to associate the locations with the netspecs. 

18. (Previously Presented) The apparatus of claim 10 wherein the feeding means 
comprises: 

a policy guide for associating the network identifications with the locations; 
wherein 

the network interface module implements the network policies based upon the 
locations fed to the network interface module by the policy guide. 

19. (Previously Presented) The apparatus of claim 10 further comprising, coupled to 
the network interface module, a user interface adapted to enable a user of the client computer 
to associate the locations with the network policies. 

20. (Canceled) 
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21. (Currently amended) At least one computer-readable medium containing 
computer program instructions for associating computer network identifications with 
network policies, said computer program instructions performing the steps of: 

analyzing a network interface associated with a client computer using a 

plurality of network detectors, the detectors outputting a set of a plurality 
of netspecs, each netspec comprising a first token identifying a detector 
used for the analysis and a second token identifying the analyzed network 
interface; 

sorting the set of netspecs in a priority order based at least in part on the 
reliability of the detectors that output the netspecs , wherein detectors 
considered more reliable in observing network interfaces than other 
detectors are awarded priority in the sorting ; 

associating the network identifications made by the set of netspecs with 

locations based at least in part on the priority order of the set of netspecs; 
and 

feeding associated network identification/location pairs to a network interface 
module to implement desired network policies. 

22. (Previously Presented) The method of claim 1, wherein the client computer has a 
plurality of network interfaces and further comprising: 

analyzing each of the plurality of network interfaces using the plurality of 

network detectors; and 
analyzing the netspecs for the plurality of network interfaces output by the 

plurality of network detectors to identify a set of unique network 

interfaces; 

wherein interfaces in the set of unique network interfaces are associated with 
locations responsive to the priority order. 

23. (Previously Presented) The method of claim 1, further comprising: 
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associating the network interface with a location associated with a highest 
priority netspec in the set. 
24. (New) The method of claim 1, wherein the plurality of netspecs comprises a first 
netspec and a second netspec, and wherein the sorting the set of netspecs in a priority order 
further comprises: 

determining that a detector that output the first netspec is more reliable in observing 
network interfaces than a detector that output the second netspec; and 

awarding a higher priority to the first netspec based on the first netspec being output 
by the more reliable detector; and 

sorting the first and second netspecs according to the priority awarded, the first 

netspec being given a higher priority in the sorting than the second netspec. 
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